The present disclosure relates to access control, and more specifically, to securely providing access control.
Privileged accounts are accounts that are not assigned to individual users and have access to mission critical data and processes. System administrators typically use privileged accounts to perform administrative tasks on target endpoints, and privileged accounts can also be embedded in service files, scripts, and configuration files to facilitate unattended processing.
Privileged accounts may be difficult to control because they are not assigned to an identifiable user, which renders auditing and tracing difficult. This is often seen as a vulnerability that exposes mission critical systems to accidental harm and malicious activities. For security reasons, organizations try to reduce the number of these privileged accounts to a minimum that satisfies operational needs.
Privileged User Password Management (PUPM) is the process through which an organization secures, manages, and tracks all activities associated with the most powerful accounts within the organization.
PUPM provides role-based access management for privileged accounts on target endpoints from a central location. PUPM provides secure storage of privileged accounts and application ID passwords and controls access to privileged accounts and passwords based on policies defined by a system administrator. Further, PUPM manages privileged accounts and application password lifecycle and allows removal of passwords from configuration files and scripts.
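As an added illustration of the PUPM checkout model described above (example code, not the disclosure's own implementation): a policy-gated checkout that attributes each use of a shared privileged account to a named user, records an audit trail, and rotates the password on check-in. The policy table, endpoint and account names are constructed sample values, and the in-memory dictionary stands in for secure storage.

```python
import secrets
from dataclasses import dataclass, field

# Constructed sample policy: (role, endpoint, account) triples a role may check out.
POLICY = {
    ("dba", "db01", "root"),
    ("sysadmin", "db01", "root"),
    ("sysadmin", "web01", "Administrator"),
}


@dataclass
class Vault:
    store: dict = field(default_factory=dict)      # (endpoint, account) -> current password
    checkouts: dict = field(default_factory=dict)  # (endpoint, account) -> user holding it
    audit: list = field(default_factory=list)      # (event, user, endpoint, account)

    def register(self, endpoint, account):
        """Place a privileged account under management with a fresh random password."""
        pw = secrets.token_urlsafe(24)
        self.store[(endpoint, account)] = pw
        return pw

    def checkout(self, user, role, endpoint, account):
        """Release the password only if policy allows the role; every decision is audited
        against the named user, so the shared account is no longer anonymous."""
        key = (endpoint, account)
        if (role, endpoint, account) not in POLICY:
            self.audit.append(("deny", user, endpoint, account))
            raise PermissionError(f"{user} ({role}) may not use {account}@{endpoint}")
        if key in self.checkouts:
            raise RuntimeError(f"{account}@{endpoint} already held by {self.checkouts[key]}")
        self.checkouts[key] = user
        self.audit.append(("checkout", user, endpoint, account))
        return self.store[key]

    def checkin(self, user, endpoint, account):
        """Only the holder can check in; the password is rotated so the value that was
        exposed (e.g. pasted into a session or a script) stops being valid."""
        key = (endpoint, account)
        if self.checkouts.get(key) != user:
            raise PermissionError(f"{user} does not hold {account}@{endpoint}")
        del self.checkouts[key]
        self.store[key] = secrets.token_urlsafe(24)  # a real PUPM also pushes it to the endpoint
        self.audit.append(("checkin", user, endpoint, account))
        return self.store[key]
```

The audit list is what answers the question the background raises: which person used the shared account, when, and whether the request was denied.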
Additional security-related issues may arise when a target system involves a virtual device. When a password is checked out from, or used to log into, a virtual device, that virtual device may be suspended or a snapshot of it may be taken, which stores an image of that virtual device's contents on a physical storage device. Tools currently exist for scanning and analyzing such stored images in a way that identifies any checked-out passwords present in them.